December 4, 2008 08:18am pst

09.25.2008 at 09:53AM PDT, ID: 23763255

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

6.2

XP Pro machine random blue screen

Asked by cja-tech-guy in Windows XP Operating System

Tags: Microsoft, XP Pro, new machine less than 4 months old

I ahve a brand new Dell Latitude D830 running Windows XP Pro and it is blue screening at random. Will work fine for a week, a month and then it will blue screen while working or while idle. It is connected to a 2003 AD network. I copied the minidump file to my own workstaion and ran the debugger on it. I am not sure if that is the correct way to run the debug. The event viewer error is:
Event Type: Error
Event Source: System Error
Event Category: (102)
Event ID: 1003
Date: 9/24/2008
Time: 5:38:15 PM
User: N/A
Computer: machine-name
Description:
Error code 00000027, parameter1 baad00a3, parameter2 ba4ef2d4, parameter3 ba4eefd0, parameter4 b7688c1a.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Data:
0000: 53 79 73 74 65 6d 20 45 System E
0008: 72 72 6f 72 20 20 45 72 rror Er
0010: 72 6f 72 20 63 6f 64 65 ror code
0018: 20 30 30 30 30 30 30 32 0000002
0020: 37 20 20 50 61 72 61 6d 7 Param
0028: 65 74 65 72 73 20 62 61 eters ba
0030: 61 64 30 30 61 33 2c 20 ad00a3,
0038: 62 61 34 65 66 32 64 34 ba4ef2d4
0040: 2c 20 62 61 34 65 65 66 , ba4eef
0048: 64 30 2c 20 62 37 36 38 d0, b768
0050: 38 63 31 61 8c1a

Here is the text from the debugger I ran:

Loading Dump File [C:\WINNT\Minidump\Mini.dmp]
Mini Kernel Dump File: Only registers and stack trace are available

Symbol search path is: srv*c:\symbols*http//msdl.microsoft.com/download/symbols
Executable search path is: c:\winnt\i386
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Windows XP Kernel Version 2600 (Service Pack 2) MP (2 procs) Free x86 compatible
Product: WinNt, suite: TerminalServer SingleUserTS
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055c700
Debug session time: Wed Sep 24 17:33:39.084 2008 (GMT-4)
System Uptime: 0 days 10:12:27.117
Unable to load image ntoskrnl.exe, Win32 error 0n2
*** WARNING: Unable to verify timestamp for ntoskrnl.exe
*** ERROR: Module load completed but symbols could not be loaded for ntoskrnl.exe
Loading Kernel Symbols
............................................................................................................................................................
Loading User Symbols
Loading unloaded module list
..........................................
Unable to load image rdbss.sys, Win32 error 0n2
*** WARNING: Unable to verify timestamp for rdbss.sys
*** ERROR: Module load completed but symbols could not be loaded for rdbss.sys
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

Use !analyze -v to get detailed debugging information.

BugCheck 27, {baad00a3, ba4ef2d4, ba4eefd0, b7688c1a}

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*** WARNING: Unable to verify timestamp for mrxsmb.sys
*** ERROR: Module load completed but symbols could not be loaded for mrxsmb.sys
*** WARNING: Unable to verify timestamp for SYMEVENT.SYS
*** ERROR: Module load completed but symbols could not be loaded for SYMEVENT.SYS
*** WARNING: Unable to verify timestamp for Mup.sys
*** ERROR: Module load completed but symbols could not be loaded for Mup.sys
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
Probably caused by : mrxsmb.sys ( mrxsmb+48c1a )

Followup: MachineOwner
---------

0: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************

RDR_FILE_SYSTEM (27)
If you see RxExceptionFilter on the stack then the 2nd and 3rd parameters are the
exception record and context record. Do a .cxr on the 3rd parameter and then kb to
obtain a more informative stack trace.
The high 16 bits of the first parameter is the RDBSS bugcheck code, which is defined
as follows:
RDBSS_BUG_CHECK_CACHESUP = 0xca550000,
RDBSS_BUG_CHECK_CLEANUP = 0xc1ee0000,
RDBSS_BUG_CHECK_CLOSE = 0xc10e0000,
RDBSS_BUG_CHECK_NTEXCEPT = 0xbaad0000,
Arguments:
Arg1: baad00a3
Arg2: ba4ef2d4
Arg3: ba4eefd0
Arg4: b7688c1a

Debugging Details:
------------------

***** Kernel symbols are WRONG. Please fix symbols to do analysis.

*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: nt!_KPRCB ***
*** ***
*************************************************************************

MODULE_NAME: mrxsmb

FAULTING_MODULE: 804d7000 nt

DEBUG_FLR_IMAGE_TIMESTAMP: 41ede18a

EXCEPTION_RECORD: ba4ef2d4 -- (.exr 0xffffffffba4ef2d4)
ExceptionAddress: b7688c1a (mrxsmb+0x00048c1a)
ExceptionCode: c0000005 (Access violation)
ExceptionFlags: 00000000
NumberParameters: 2
Parameter[0]: 00000000
Parameter[1]: 72667456
Attempt to read from address 72667456

CONTEXT: ba4eefd0 -- (.cxr 0xffffffffba4eefd0)
eax=89fe6900 ebx=00000000 ecx=897fad48 edx=7266744e esi=89803010 edi=b765ec18
eip=b7688c1a esp=ba4ef39c ebp=ba4ef3b4 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010206
mrxsmb+0x48c1a:
b7688c1a 8b4208 mov eax,dword ptr [edx+8] ds:0023:72667456=????????
Resetting default scope

DEFAULT_BUCKET_ID: WRONG_SYMBOLS

BUGCHECK_STR: 0x27

LAST_CONTROL_TRANSFER: from b7665828 to b7688c1a

STACK_TEXT:
WARNING: Stack unwind information not available. Following frames may be wrong.
ba4ef3b4 b7665828 894c8c00 8a37cbb0 c000020c mrxsmb+0x48c1a
ba4ef3d4 b764300b 897fad48 89f0fc18 ba4ef400 mrxsmb+0x25828
ba4ef3e4 b7641cdf 89f0fc18 ba4ef40b 00000000 mrxsmb+0x300b
ba4ef400 b765676f 00f0fc18 00000001 ba4ef41c mrxsmb+0x1cdf
ba4ef410 b768f018 89f0fc18 ba4ef430 b767fe7e mrxsmb+0x1676f
ba4ef41c b767fe7e 89f0fc18 b765fea0 89813b20 mrxsmb+0x4f018
ba4ef430 b767add3 89813b44 b768eff7 c000020c mrxsmb+0x3fe7e
ba4ef444 b764ba88 89813b20 b768eff7 00000004 mrxsmb+0x3add3
ba4ef494 b7696794 00000009 892fc718 892f94c8 mrxsmb+0xba88
ba4ef4b0 b76968f6 897fad48 00000000 ba4ef4f8 mrxsmb+0x56794
ba4ef4c0 b7680215 897fad48 893656c0 892fc718 mrxsmb+0x568f6
ba4ef4f8 b76c264b 892fc718 89861968 ba4ef62c mrxsmb+0x40215
ba4ef518 b76c2378 8a18c1e4 89861968 892f94c8 rdbss+0x1364b
ba4ef594 b76c24bf 88c95328 ba4ef658 00000001 rdbss+0x13378
ba4ef5d8 b76c2573 88c95328 ba4ef658 00000001 rdbss+0x134bf
ba4ef634 b76bd57f 88c95328 ba4ef658 00000001 rdbss+0x13573
ba4ef668 b76b9d01 88c95328 897a6828 ba4ef6b8 rdbss+0xe57f
ba4ef6cc b76afd51 88c95328 897a67f8 b76b87a8 rdbss+0xad01
ba4ef764 b76b9bb1 b76b87a8 88c62600 88c626f0 rdbss+0xd51
ba4ef78c b7664097 8a18c030 88c62600 897a67f8 rdbss+0xabb1
ba4ef7ac 804ef163 00000000 01c62638 88c62638 mrxsmb+0x24097
ba4ef7ec 804ef163 8a0abc50 88c626f0 88c62738 nt+0x18163
ba4ef824 b7a69d70 8a0abc50 897a67f8 ba4ef85c nt+0x18163
ba4ef840 b7a627b9 ba4ef85c 804f0028 b7a62880 SYMEVENT+0xed70
ba4ef880 804ef163 89f11678 88c62638 88c62638 SYMEVENT+0x77b9
ba4ef8c0 804ef163 8a0a9938 88c62714 88c62638 nt+0x18163
ba4ef9b0 805bdf06 8a18c030 00000000 89469f08 nt+0x18163
ba4efa28 805ba58e 00000000 ba4efa68 00000040 nt+0xe6f06
ba4efa7c 80574f33 00000000 00000000 53845300 nt+0xe358e
ba4efaf8 805758aa ba4efd4c 00100000 ba4efc78 nt+0x9df33
ba4efb54 80577f76 ba4efd4c 00100000 ba4efc78 nt+0x9e8aa
ba4efb94 805409ac ba4efd4c 00100000 ba4efc78 nt+0xa0f76
ba4efbc8 804ff671 badb0d00 ba4efc40 ba4efcc8 nt+0x699ac
ba4efca0 b9db993b ba4efcdc 00000000 00000001 nt+0x28671
ba4efd60 b9dba014 8941ae78 8941ae80 8941ae88 Mup+0x93b
ba4efd7c 80537aff 8941ae78 00000000 8a3fd420 Mup+0x1014
ba4efdac 805cea08 8941ae78 00000000 00000000 nt+0x60aff
ba4efddc 8054546e 80537a10 00000000 00000000 nt+0xf7a08
00000000 00000000 00000000 00000000 00000000 nt+0x6e46e

FOLLOWUP_IP:
mrxsmb+48c1a
b7688c1a 8b4208 mov eax,dword ptr [edx+8]

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: mrxsmb+48c1a

FOLLOWUP_NAME: MachineOwner

IMAGE_NAME: mrxsmb.sys

STACK_COMMAND: .cxr 0xffffffffba4eefd0 ; kb

BUCKET_ID: WRONG_SYMBOLS

Followup: MachineOwner
---------

0: kd> lmvm mrxsmb
start end module name
b7640000 b76ae400 mrxsmb T (no symbols)
Loaded symbol image file: mrxsmb.sys
Image path: mrxsmb.sys
Image name: mrxsmb.sys
Timestamp: Tue Jan 18 23:26:50 2005 (41EDE18A)
CheckSum: 000721B4
ImageSize: 0006E400
Translations: 0000.04b0 0000.04e0 0409.04b0 0409.04e0
I do not know what any of this means. Can anyone translate this and tell me where to look for the reason for the blue screen. Thank you
CJA

Start Free Trial

Keywords: XP Pro machine random blue screen

	Title
1	PE?!?! What's a Friggin' PE?
2	SBS 2003 Blue Screening
3	Issue with PE Encryption
4	Base image blue screen on dell latitude…
5	need help with .mov files please
6	Win XP blue screen of death

Loading Advertisement...

20080716-EE-VQP-32 - Hierarchy / EE_QW_2_20070628

1. slam69 856,130
2. and235... 830,564
3. KCTS 786,907
4. LeeTutor 655,672
5. flubbster 463,863
6. orangutang 436,557
7. nobus 435,439
8. garycase 350,442
9. jcimarron 314,743
10. Jonvee 311,038
11. johnb6767 277,204
12. rindi 268,296
13. war1 262,090
14. RobWill 219,547
15. rpggamer... 218,588
16. Merete 213,301
17. PUNKY 193,335
18. Sheharya... 189,584
19. leew 165,999
20. David-Ho... 146,969
21. briancassin 129,141
22. tigermatt 124,007
23. Shift-3 121,381
24. MotoCrazy 118,722
25. scrathcyboy 117,264

1. Sheharya... 3,771,641
2. LeeTutor 3,307,030
3. sramesh2k 2,016,581
4. and235... 1,964,105
5. war1 1,816,587
6. johnb6767 1,731,818
7. KCTS 1,603,682
8. sirbounty 1,551,563
9. Merete 1,435,872
10. CrazyOne 1,345,842
11. nobus 1,242,723
12. Fatal_Ex... 961,887
13. Kenneniah 947,377
14. leew 947,031
15. sunray_... 893,020
16. slam69 869,030
17. PeteLong 744,127
18. orangutang 732,513
19. rindi 732,129
20. gemarti 727,102
21. rpggamer... 645,273
22. simpswr 608,346
23. stevenle... 605,492
24. Crash2100 590,457
25. garycase 565,069

XP Pro machine random blue screen

Asked by cja-tech-guy in Windows XP Operating System

Tags: Microsoft, XP Pro, new machine less than 4 months old

About this solution